Skip to main content
NOPE
In Effect Standard AI Safety Context Relevance

ISO 42001

ISO/IEC 42001:2023 — AI Management Systems

First certifiable international standard for AI management systems. Uses Plan-Do-Check-Act methodology. Third-party certification available; major AI systems have achieved certification.

Jurisdiction

International

INTL

Enacted

Unknown

Effective

Dec 18, 2023

Enforcement

Not specified

Who Must Comply

This law applies to:

  • Organizations seeking AI management system certification

Who bears obligations:

DeveloperDeployer

This regulation places direct obligations on deployers (organizations using AI systems).

Safety Provisions

  • AI policy and objectives
  • Risk assessment processes
  • Controls for AI-specific risks
  • Monitoring and measurement
  • Continual improvement

Quick Facts

Binding
No
Mental Health Focus
No
Child Safety Focus
No
Algorithmic Scope
Yes

Why It Matters

Becoming de facto compliance demonstration mechanism. Organizations align with EU AI Act using ISO 42001 for risk assessments.

Recent Developments

Microsoft 365 Copilot, AWS, Google Cloud have achieved certification. Increasingly used as "audit language" in procurement.

Cite This

APA

International. (2023). ISO/IEC 42001:2023 — AI Management Systems. Retrieved from https://nope.net/regs/iso-42001

BibTeX

@misc{iso_42001,
  title = {ISO/IEC 42001:2023 — AI Management Systems},
  author = {International},
  year = {2023},
  url = {https://nope.net/regs/iso-42001}
}

Related Regulations

In Effect INTL AI Safety

ISO 23894

AI risk management guidance complementing ISO 31000. Lifecycle risk management; audit/procurement language.

In Effect INTL AI Safety

UNESCO AI Ethics

Global normative framework adopted by all 193 UN Member States. Policy Area 8 (Health and Social Wellbeing) directly addresses mental health AI.

In Effect AU-UNION AI Safety

AU AI Strategy

Continent-wide AI strategy endorsed by African Union Executive Council covering 55 member states. Phased implementation 2025-2030. Phase I (2025-2026) focuses on creating governance frameworks, developing national AI strategies, resource mobilization, and capacity building. Aims to harmonize AI development across Africa while respecting member state sovereignty.

In Effect BN Data Protection

Brunei PDPO

Brunei's personal data protection order requiring DPIA and imposing penalties up to 10% Brunei turnover or $1M.

In Effect IN Data Protection

India DPDP Act

STRICTEST children's provisions in APAC. Children = under 18; verifiable parental consent MANDATORY; PROHIBITION on tracking, behavioral monitoring, targeted advertising to children.

In Effect CARICOM Data Protection

CARICOM CCSCAP 2025

CARICOM's 2025 regional cyber security framework establishing digital safety culture and coordinated incident response across 18 member states.

Back to all regulations Check if this applies to you